CVE-2000-0689

Account Manager LITE - Privilege Escalation

Title source: llm

Description

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by n30 · htmlremotecgi

https://www.exploit-db.com/exploits/20165

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by teleh0r · perlremotecgi

https://www.exploit-db.com/exploits/20164

View Code ZIP pw:eip

References (5)

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-08/0291.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/1604

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5125

[Third Party Advisory, VDB Entry] http://www.osvdb.org/13341

[Various Sources] http://www.cgiscriptcenter.com/acctlite/

Scores

EPSS 0.0845

EPSS Percentile 92.4%

Details

Status published

Products (2)

cgi_script_center/account_manager lite_1.0

cgi_script_center/account_manager pro_1.0

Published Oct 20, 2000

Tracked Since Feb 18, 2026